Intrusion Tolerance in Distributed Middleware

Authors:
Rabih Zbib;Farooq Anjum;Abhrajit Ghosh;Amjad Umar
Affiliations:
Telcordia Technologies, 1 Telcordia Drive, Piscataway, NJ 08854, USA. rabih@research.telcordia.com;Telcordia Technologies, 1 Telcordia Drive, Piscataway, NJ 08854, USA;Telcordia Technologies, 1 Telcordia Drive, Piscataway, NJ 08854, USA;Professor of Information and Communication Systems, Fordham Graduate School of Business, 130 W 60th Street, New York, USA
Venue:
Information Systems Frontiers
Year:
2004

Citing 6
Cited 0

Computer security basics

Computer security basics
A taxonomy of computer program security flaws

ACM Computing Surveys (CSUR)
How to share a secret

Communications of the ACM
Are We Forgetting the Risks of Information Technology?

Computer
Software vulnerability analysis

Software vulnerability analysis
Processing of confidential information in distributed systems by fragmentation1This work has been partially supported by the ESPRIT Basic Research Action no.6362, PDCS2 (Predictably Dependable Computing Systems). 1

Computer Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many existing and new applications rely on several layers of middleware services that must be able to withstand intrusions and attacks from a very wide range of players. In this paper we discuss the concept of Intrusion Tolerance in distributed middleware. We start by presenting a threat analysis of the current commercial middleware technologies. We then discuss basic intrusion tolerance techniques such as Fragmentation-Redundancy-Scattering (FRS) and Threshold Cryptography. Then follows a description of a generic architecture that builds upon these techniques to compensate for intrusion vulnerabilities in commercial middleware, and finally we briefly describe how this architecture can be generalized.